Steve Kemp from the Debian Security Audit Project discovered a problem in
xitalk, a talk intercept utility for the X Window System. A local
user can exploit this problem and execute arbitrary commands under the
GID utmp. This could be used by an attacker to remove traces from the
utmp file.

For the stable distribution (woody) this problem has been fixed in
version 1.1.11-9.1woody1.